Exchange Admin Audit Log Event ID 25197

SourceExchange (LOGbinder EX)
LogAdmin Audit
Windows Security Log
Category
 • Subcategory
Object Access
 • Application Generated
Type Success
Failure
Discussions on Event ID 25197
Ask a question about this event

25197: New-DistributionGroup Exchange cmdlet issued

This is an event from Exchange audit event from LOGbinder EX generated by Log  Admin Audit.

On this page

See also the TechNet article on the cmdlet New-DistributionGroup

Free Security Log Resources by Randy

Description Fields in 25197

FieldDescription
OccurredDate and time when Exchange registered the cmdlet.
CmdletThe cmdlet that was issued.
Performed byThe user who issued the cmdlet.
Succeeded"Yes", if succeeded, "No", otherwise.
Error"None", if the cmdlet resulted in no error, the error message otherwise.
Originating serverThe host name of the server.
Object modifiedThe object that was modified by the cmdlet.
ParametersThe list of parameters, listing them by the parameter's Name and Value.
Modified propertiesModified properties, if any (otherwise "n/a").
Additional informationAdditional information, if any (otherwise "n/a").

Setup PowerShell Audit Log Forwarding in 4 Minutes

 

Where Does This Event Come From?

This Event Is Produced By

Which Integrates with Your SIEM

Examples of 25197

New-DistributionGroup Exchange cmdlet issued
Occurred: 12/22/2012 7:47:19 AM
Cmdlet: New-DistributionGroup
Performed by: sp2010.com/Users/Joe Taylor
Succeeded: Yes
Error: None
Originating server: SP2010-EX1 (14.02.0328.009)
Object modified: sp2010.com/Users/TestDistributionGroup
Parameters
  Name: Name, Value: [TestDistributionGroup]
Name: IgnoreNamingPolicy, Value: [True]
Modified Properties
  Name: Id, Old Value: [], New Value: [sp2010.com/Users/TestDistributionGroup]
Name: OriginalWindowsEmailAddress, Old Value: [], New Value: [TestDistributionGroup@sp2010.com]
Name: WindowsEmailAddress, Old Value: [], New Value: [TestDistributionGroup@sp2010.com]
Name: CoManagedBy, Old Value: [], New Value: []
Name: DisplayName, Old Value: [], New Value: [TestDistributionGroup]
Name: AddressListMembership, Old Value: [], New Value: [\All Groups;\Default Global Address List;\All Recipients(VLV);\All Groups(VLV);\Groups(VLV)]
Name: EmailAddresses, Old Value: [], New Value: [SMTP:TestDistributionGroup@sp2010.com]
Name: MemberDepartRestriction, Old Value: [Closed], New Value: [Open]
Name: PoliciesIncluded, Old Value: [], New Value: [{26491cfc-9e50-4857-861b-0cb8df22b5d7};9f175e9c-5823-48e5-8b05-e8c6abd6caa5]
Name: OrganizationId, Old Value: [], New Value: []
Name: Alias, Old Value: [], New Value: [TestDistributionGroup]
Name: ManagedBy, Old Value: [], New Value: [sp2010.com/Users/Joe Taylor]
Name: PrimarySmtpAddress, Old Value: [], New Value: [TestDistributionGroup@sp2010.com]
Name: SamAccountName, Old Value: [], New Value: [TestDistributionGroup]
Name: ArbitrationMailbox, Old Value: [], New Value: [sp2010.com/Users/SystemMailbox{1f05a927-1866-4a39-965f-346b15129334}]
Name: RawName, Old Value: [], New Value: [TestDistributionGroup]
Name: RecipientDisplayType, Old Value: [], New Value: [DistributionGroup]
Name: LegacyExchangeDN, Old Value: [], New Value: [/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=TestDistributionGroupe3f]
Name: ObjectCategory, Old Value: [], New Value: [sp2010.com/Configuration/Schema/group]
Name: RawManagedBy, Old Value: [], New Value: [sp2010.com/Users/Joe Taylor]
Name: OriginalPrimarySmtpAddress, Old Value: [], New Value: [TestDistributionGroup@sp2010.com]
Name: UMDtmfMap, Old Value: [], New Value: [firstNameLastName:837834787428846647687;lastNameFirstName:837834787428846647687;emailAddress:837834787428846647687]
Name: GroupType, Old Value: [None], New Value: [Universal]
Additional information: CmdletParameters/Parameter/Name= [Name]; CmdletParameters/Parameter/Value= [TestDistributionGroup]; CmdletParameters/Parameter/Name= [IgnoreNamingPolicy]; CmdletParameters/Parameter/Value= [True]; ModifiedProperties/Property/Name= [Id]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [sp2010.com/Users/TestDistributionGroup]; ModifiedProperties/Property/Name= [OriginalWindowsEmailAddress]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [TestDistributionGroup@sp2010.com]; ModifiedProperties/Property/Name= [WindowsEmailAddress]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [TestDistributionGroup@sp2010.com]; ModifiedProperties/Property/Name= [CoManagedBy]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= []; ModifiedProperties/Property/Name= [DisplayName]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [TestDistributionGroup]; ModifiedProperties/Property/Name= [AddressListMembership]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [\All Groups;\Default Global Address List;\All Recipients(VLV);\All Groups(VLV);\Groups(VLV)]; ModifiedProperties/Property/Name= [EmailAddresses]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [SMTP:TestDistributionGroup@sp2010.com]; ModifiedProperties/Property/Name= [MemberDepartRestriction]; ModifiedProperties/Property/OldValue= [Closed]; ModifiedProperties/Property/NewValue= [Open]; ModifiedProperties/Property/Name= [PoliciesIncluded]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [{26491cfc-9e50-4857-861b-0cb8df22b5d7};9f175e9c-5823-48e5-8b05-e8c6abd6caa5]; ModifiedProperties/Property/Name= [OrganizationId]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= []; ModifiedProperties/Property/Name= [Alias]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [TestDistributionGroup]; ModifiedProperties/Property/Name= [ManagedBy]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [sp2010.com/Users/Joe Taylor]; ModifiedProperties/Property/Name= [PrimarySmtpAddress]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [TestDistributionGroup@sp2010.com]; ModifiedProperties/Property/Name= [SamAccountName]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [TestDistributionGroup]; ModifiedProperties/Property/Name= [ArbitrationMailbox]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [sp2010.com/Users/SystemMailbox{1f05a927-1866-4a39-965f-346b15129334}]; ModifiedProperties/Property/Name= [RawName]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [TestDistributionGroup]; ModifiedProperties/Property/Name= [RecipientDisplayType]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [DistributionGroup]; ModifiedProperties/Property/Name= [LegacyExchangeDN]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [/o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=TestDistributionGroupe3f]; ModifiedProperties/Property/Name= [ObjectCategory]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [sp2010.com/Configuration/Schema/group]; ModifiedProperties/Property/Name= [RawManagedBy]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [sp2010.com/Users/Joe Taylor]; ModifiedProperties/Property/Name= [OriginalPrimarySmtpAddress]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [TestDistributionGroup@sp2010.com]; ModifiedProperties/Property/Name= [UMDtmfMap]; ModifiedProperties/Property/OldValue= []; ModifiedProperties/Property/NewValue= [firstNameLastName:837834787428846647687;lastNameFirstName:837834787428846647687;emailAddress:837834787428846647687]; ModifiedProperties/Property/Name= [GroupType]; ModifiedProperties/Property/OldValue= [None]; ModifiedProperties/Property/NewValue= [Universal]

For more information, see http://logbinder.com/support

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



 

Additional Resources